哪位帮忙看看：我中了什么毒啊

.Qmq999 以下是我的日志扫描： Logfile of HijackThis v1.99.1 Scan saved at 22:50:23, on 2006-12-7 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Program Files\rising\Rav\CCenter.exe C:\Program Files\rising\Rav\Ravmond.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\rising\Rav\RavStub.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\Rundll32.exe C:\Herosoft\HeroV8\SYSEXPLR.EXE C:\Program Files\rising\Rav\RavTask.exe C:\Program Files\rising\Rav\Ravmon.exe C:\WINNT\system32\internat.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\slserv.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\Program Files\ChinaNet\VnetClient.exe C:\Program Files\Tencent\QQ\QQ.exe C:\Program Files\Tencent\QQ\TIMPlatform.exe C:\Program Files\Kingsoft\iciba\Iciba.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\zzy\LOCALS~1\Temp\Rar$EX00.484\HijackThis.exe R3 - URLSearchHook: (no name) - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - (no file) R3 - URLSearchHook: ICQ　Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe O2 - BHO: WinSearch - {27E96DE0-8211-42CF-9A1E-FA6246A95B77} - C:\WINNT\system32\winsearch.dll O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll ~ O2 - BHO: (no name) - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - (no file) O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(＆R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll O3 - Toolbar: 金山快译(＆K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [SysExplr] C:\Herosoft\HeroV8\SYSEXPLR.EXE O4 - HKLM\..\Run: [RavTask] ＂C:\Program Files\rising\Rav\RavTask.exe＂ -system O4 - HKCU\..\Run: [Internat.exe] internat.exe O4 - Startup: 腾讯QQ珊瑚虫版.lnk = C:\Program Files\Tencent\QQ\CoralQQ.exe O8 - Extra context menu item: ＆ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Save豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 使用KuGoo3下载(＆K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 珊瑚虫搜索 - C:\Program Files\YOK.com\SuperSearch\yoksch.htm O8 - Extra context menu item: 珊瑚虫超级搜索 - C:\Program Files\yok\yoksch.htm O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 豪杰超级解霸V8实时播放 - C:\Herosoft\HeroV8\MPURLGET.HTM , O9 - Extra button: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE O9 - Extra 'Tools' menuitem: 豪杰超级解霸V8 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Herosoft\HeroV8\STHSDVD.EXE O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show ＆Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe O9 - Extra 'Tools' menuitem: ＆FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9964444C-5ABD-4345-8C16-00C4388E5A1E}: NameServer = 202.103.224.68 202.103.225.68 O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe dngz.net O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe O23 - Service: SmartLinkService (SLService) -　 　- C:\WINNT\SYSTEM32\slserv.exe 拜托了

没什么病毒，就是什么一大堆插件. 超级兔子清下！

好的，谢谢 　 　原来我进邮箱写邮件老会死机，而且关机的时候总跳出一个提示某个程序未关闭。。。感觉中了木马

用hijackthis直接修复： R3 - URLSearchHook: (no name) - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - (no file)

R3 - URLSearchHook: ICQ　Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe O2 - BHO: WinSearch - {27E96DE0-8211-42CF-9A1E-FA6246A95B77} - C:\WINNT\system32\winsearch.dll O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: (no name) - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - (no file) O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file) O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(＆R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll 这个服务实有无用，禁用掉O23 - Service: SmartLinkService (SLService) -　 　- C:\WINNT\SYSTEM32\slserv.exe 不知哪个调用了C:\WINNT\system32\Rundll32.exe，可以在有这个进程时用SREng日志扫日志看看

楼上说禁用的那项确实很可疑。后来我用瑞星卡卡助手扫描未知病毒时扫描到了然后按了删除，不知道清除掉没可是后来我扫描还是发现它在。我不知道如何禁用它，我进控制面板中的计算机管理中的服务和应用程序中没找到这个slserv.exe ,我只好在进程管理里结束了它的进程，也许下次开机它还会出来。 　以前中过灰鸽子病毒也是只能中止了它的进程，但是在注册表中删除不掉它，老说有应用程序在运行，可是找不到到底是哪个，我又按楼上说的用sreng 扫描了日志，拜托帮我看看： dngz.net您的电脑医生 2006-12-09,22:05:49 System Repair Engineer 2.2.6.605 Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能 以下内容被选中： 　 　 所有的启动项目（包括注册表、启动文件夹、服务等） 　 　 浏览器加载项 　 　 正在运行的进程（包括进程模块信息） 　 　 文件关联 　 　 Winsock 提供者 　 　 Autorun.inf 　 　 HOSTS 文件 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 　 　 ＜Internat.exe＞＜internat.exe＞　[(Verified)Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] 　 　 ＜load＞＜＞　[N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] 　 　 ＜Synchronization Manager＞＜mobsync.exe /logon＞　[(Verified)Microsoft Corporation] 　 　 ＜SysExplr＞＜C:\Herosoft\HeroV8\SYSEXPLR.EXE＞　[N/A] 　 　 ＜RavTask＞＜＂C:\Program Files\rising\Rav\RavTask.exe＂ -system＞　[Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] 　 　 ＜KKDelay＞＜C:\Program Files\Rising\AntiSpyware\RunOnce.exe＞　[Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 　 　 ＜shell＞＜Explorer.exe＞　[(Verified)Microsoft Corporation] 　 　 ＜Userinit＞＜C:\WINNT\SYSTEM32\Userinit.exe,＞　[(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] 　 　 ＜AppInit_DLLs＞＜＞　[N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] 　 　 ＜{32CD708B-60A7-4C00-9377-D73EAA495F0F}＞＜C:\WINNT\system32\RavExt.dll＞　[Beijing Rising Technology Co., Ltd.] 　 　 ＜{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}？＞＜＞　[N/A] dngz.net [HKEY_CURRENT_USER\Control Panel\Desktop] 　 　 ＜SCRNSAVE.EXE＞＜C:\Herosoft\HeroV8\豪杰多~1.SCR＞　[N/A] ================================== 启动文件夹 N/A ================================== 服务

[IPSEC Client / 8NASCAR] 　＜C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087＞＜N/A＞ [Logical Disk Manager Administrative Service / dmadmin] 　＜C:\WINNT\System32\dmadmin.exe /com＞＜VERITAS Software Corp.＞ [Windows Gateway / Live] 　＜C:\WINNT\System32\svchost.exe -k netsvcs--＞C:\WINNT\system32\spted.dll＞＜N/A＞ [Rising Process Communication Center / RsCCenter] 　＜＂C:\Program Files\rising\Rav\CCenter.exe＂＞＜Beijing Rising Technology Co., Ltd.＞ [RsRavMon Service / RsRavMon] 　＜＂C:\Program Files\rising\Rav\Ravmond.exe＂＞＜Beijing Rising Technology Co., Ltd.＞ [SmartLinkService / SLService] 　＜slserv.exe＞＜＞ [Windows XP / Windows XP] 　＜C:\WINNT\Hacker.com.cn.ini＞＜N/A＞ [Portable Media Serial Number Service / WmdmPmSN] 　＜C:\WINNT\System32\svchost.exe -k netsvcs--＞C:\WINNT\system32\mspmsnsv.dll＞＜Microsoft Corporation＞

================================== 驱动程序 [Rising TDI Base Driver / BaseTDI] 　＜System32\DRIVERS\BaseTDI.SYS＞＜Beijing Rising Technology Co., Ltd.＞ [Cdr4_2K / Cdr4_2K] 　＜C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS＞＜Roxio＞ [Cdralw2k / Cdralw2k] 　＜C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS＞＜Roxio＞ [cfssert / cfssert] 　＜\？\C:\WINNT\system32\jwqeqhk.sys＞＜N/A＞ [dmboot / dmboot] 　＜System32\drivers\dmboot.sys＞＜VERITAS Software Corp.＞ [Logical Disk Manager Driver / dmio] 　＜\SystemRoot\System32\drivers\dmio.sys＞＜VERITAS Software Corp.＞ [dmload / dmload] 　＜\SystemRoot\System32\drivers\dmload.sys＞＜VERITAS Software Corp.＞ www.dngz.net [ExpScaner / ExpScaner] 　＜\？\C:\Program Files\rising\Rav\ExpScan.sys＞＜＞ [WAN Miniport Driver For PPPoE Protocol / GNetPPPoE] 　＜system32\DRIVERS\PPPoE.SYS＞＜Guangdong Data Communications Network Co.Ltd.＞ [HOOKAPI / HOOKAPI] 　＜\？\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys＞＜瑞星软件有限公司＞ [HookCont / HookCont] 　＜\？\C:\Program Files\rising\Rav\HOOKCONT.sys＞＜Rising＞ [HookReg / HookReg] 　＜\？\C:\Program Files\rising\Rav\HookReg.sys＞＜＞ [HookSys / HookSys] 　＜\？\C:\Program Files\rising\Rav\HookSys.sys＞＜Rising＞ [i81x / i81x] 　＜system32\DRIVERS\i81xnt5.sys＞＜Intel Corporation＞ [MEMSCAN / MEMSCAN] 　＜\？\C:\Program Files\rising\Rav\MEMSCAN.sys＞＜瑞星软件有限公司＞ [Mtlmnt5 / Mtlmnt5] 　＜system32\DRIVERS\Mtlmnt5.sys＞＜＞ [Mtlstrm / Mtlstrm] 　＜system32\DRIVERS\Mtlstrm.sys＞＜＞ [Netgroup Packet Filter / NPF] 　＜system32\drivers\npf.sys＞＜N/A＞ [npkcrypt / npkcrypt] 　＜\？\C:\Program Files\Tencent\QQ\npkcrypt.sys＞＜INCA Internet Co., Ltd.＞

[NtMtlFax / NtMtlFax] 　＜system32\DRIVERS\NtMtlFax.sys＞＜＞ [SoC PC-Camer@ / PAC207] 　＜system32\DRIVERS\pfc027.sys＞＜＞ [Padus ASPI Shell / pfc] 　＜system32\drivers\pfc.sys＞＜Padus, Inc.＞ [Direct Parallel Link Driver / Ptilink] 　＜system32\DRIVERS\ptilink.sys＞＜Parallel Technologies, Inc.＞ [RsNTGDI / RsNTGDI] 　＜\SystemRoot\system32\Drivers\RsNTGdi.sys＞＜Beijing Rising Technology Co., Ltd.＞ [RSPPSYS / RSPPSYS] 　＜\？\C:\Program Files\rising\Rav\RSPPSYS.sys＞＜Rising＞ [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139] 　＜system32\DRIVERS\RTL8139.SYS＞＜Realtek Semiconductor Corporation＞ [SlNtHal / SlNtHal] 　＜system32\DRIVERS\Slnthal.sys＞＜＞ [SmartLink PCI Driver / slntphil]

dngz.net

　＜system32\DRIVERS\slntphil.sys＞＜＞ [SlWdmSup / SlWdmSup] 　＜system32\DRIVERS\SlWdmSup.sys＞＜Vireo Software＞ [TYKeeper / TYKeeper] 　＜2 - 系统找不到指定的文件。 ＞＜N/A＞ ================================== 浏览器加载项 [豪杰超级解霸V8] 　{367E0A21-8601-4986-9C9A-153BF5ACA118} ＜C:\Herosoft\HeroV8\STHSDVD.EXE, N/A＞ [ICQ Lite] 　{B863453A-26C3-4e1f-A54D-A2CD196348E9} ＜C:\Program Files\ICQLite\ICQLite.exe, ICQ Ltd.＞ [@shdoclc.dll,-866] 　{c95fe080-8f5d-11d2-a20b-00aa003c157a} ＜, N/A＞ [QQ] 　{c95fe080-8f5d-11d2-a20b-00aa003c157b} ＜C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT＞ [FlashGet] 　{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} ＜C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft＞ [QQIEFloatBarCfgCmd Class] 　{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} ＜C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司＞ [金山快译(＆K)] 　{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} ＜C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司＞ [ICQ　Toolbar] 　{855F3B16-6D32-4fe6-8A56-BBB695989046} ＜C:\Program Files\ICQToolbar\toolbaru.dll, ICQ Inc.＞ [WebActivater Control] 　{3D8F74EE-8692-4F8F-B8D2-7522E732519E} ＜C:\WINNT\system32\WEBACT~1.OCX, QQ＞ [Shockwave Flash Object] 　{D27CDB6E-AE6D-11CF-96B8-444553540000} ＜C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.＞ [Rising Web Scan Object] 　{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} ＜C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.＞ [YOKHttpFilter Class] 　{686D3343-D00D-49A1-96DF-66F3AF62F348} ＜C:\Program Files\yok\adblock.dll, N/A＞ [YOKAdBlock Class] 　{718F4AD3-70D4-425E-9159-5598DFC732ED} ＜C:\Program Files\yok\adblock.dll, N/A＞ [＆ICQ Toolbar Search] 　＜res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML, N/A＞

(www.dngz.net)

[Save豪杰超级解霸V8实时播放] 　＜C:\Herosoft\HeroV8\MPURLGET.HTM, N/A＞ [上传到QQ网络硬盘] 　＜C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A＞ [使用KuGoo3下载(＆K)] 　＜C:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A＞ [使用网际快车下载] 　＜C:\Program Files\FlashGet\jc_link.htm, N/A＞ [使用网际快车下载全部链接] 　＜C:\Program Files\FlashGet\jc_all.htm, N/A＞ [添加到QQ自定义面板] 　＜C:\Program Files\Tencent\QQ\AddPanel.htm, N/A＞ [添加到QQ表情] 　＜C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A＞ [珊瑚虫超级搜索] 　＜C:\Program Files\yok\yoksch.htm, N/A＞ [用QQ彩信发送该图片] 　＜C:\Program Files\Tencent\QQ\SendMMS.htm, N/A＞ [豪杰超级解霸V8实时播放] 　＜C:\Herosoft\HeroV8\MPURLGET.HTM, N/A＞ ================================== 正在运行的进程 [PID: 140][\SystemRoot\System32\smss.exe]　[Microsoft Corporation, 5.00.2195.6601] [PID: 164][\？\C:\WINNT\system32\csrss.exe]　[Microsoft Corporation, 5.00.2195.6601] [PID: 184][\？\C:\WINNT\system32\winlogon.exe]　[Microsoft Corporation, 5.00.2195.6898] 　 　 [C:\WINNT\system32\COMCTL32.dll]　[Microsoft Corporation, 5.81] [PID: 212][C:\WINNT\system32\services.exe]　[Microsoft Corporation, 5.00.2195.6700] 　 　 [C:\WINNT\system32\COMCTL32.DLL]　[Microsoft Corporation, 5.81] 　 　 [C:\WINNT\system32\dmserver.dll]　[VERITAS Software Corp., 2195.6605.297.3] [PID: 224][C:\WINNT\system32\lsass.exe]　[Microsoft Corporation, 5.00.2195.6902] 　 　 [C:\WINNT\system32\COMCTL32.DLL]　[Microsoft Corporation, 5.81] [PID: 388][C:\WINNT\system32\svchost.exe]　[Microsoft Corporation, 5.00.2134.1] 　 　 [C:\WINNT\system32\COMCTL32.DLL]　[Microsoft Corporation, 5.81] [PID: 416][C:\Program Files\rising\Rav\CCenter.exe]　[Beijing Rising Technology Co., Ltd., 18, 0, 0, 3] [PID: 476][C:\WINNT\system32\spoolsv.exe]　[Microsoft Corporation, 5.00.2195.7059] 本文来自 www.dngz.net

　 　 [C:\WINNT\system32\COMCTL32.DLL]　[Microsoft Corporation, 5.81] [PID: 556][C:\Program Files\rising\Rav\RavStub.exe]　[Beijing Rising Technology Co., Ltd., 19, 0, 0, 4] 　 　 [C:\WINNT\system32\COMCTL32.dll]　[Microsoft Corporation, 5.81] 　 　 [C:\Program Files\rising\Rav\RsCommX.dll]　[rising, 18, 0, 0, 1] 　 　 [C:\Program Files\rising\Rav\RSCOMMON.DLL]　[Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] [PID: 696][C:\WINNT\Explorer.EXE]　[Microsoft Corporation, 5.00.3700.6690] 　 　 [C:\WINNT\system32\COMCTL32.DLL]　[Microsoft Corporation, 5.81] 　 　 [C:\WINNT\DOWNLO~1\BDPlugin.dll]　[, 1, 0, 1, 1] 　 　 [C:\WINNT\system32\browseui.dll]　[Microsoft Corporation, 6.00.2600.0000] 　 　 [C:\WINNT\system32\RavExt.dll]　[Beijing Rising Technology Co., Ltd., 19, 0, 0, 7] 　 　 [C:\WINNT\system32\mlang.dll]　[Microsoft Corporation, 6.00.2600.0000] 　 　 [C:\Herosoft\HeroV8\VCvtShell.dll]　[herosoft, 1, 0, 0, 1] 　 　 [C:\Program Files\rising\Rav\RSCOMMON.DLL]　[Beijing Rising Technology Co., Ltd., 19, 0, 0, 5] 　 　 [C:\WINNT\system32\actxprxy.dll]　[Microsoft Corporation, 6.00.2600.0000] 　 　 [C:\WINNT\system32\imgutil.dll]　[Microsoft Corporation, 6.00.2600.0000] 　 　 [C:\WINNT\system32\mshtmled.dll]　[Microsoft Corporation, 6.00.2600.0000] 　 　 [C:\Program Files\WinRAR\rarext.dll]　[N/A, N/A] 　 　 [C:\Program Files\rising\Rav\RavScrCh.dll]　[Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] 　 　 [C:\WINNT\system32\slcpappl.cpl]　[, 1, 0, 1, 3] 　 　 [C:\Program Files\ICQLite\ICQLiteShell.dll]　[, 20, 34, 2423, 0] [PID: 720][C:\WINNT\system32\Rundll32.exe]　[Microsoft Corporation, 5.00.2134.1] 　 　 [C:\WINNT\DOWNLO~1\BDPlugin.dll]　[, 1, 0, 1, 1] 　 　 [C:\Herosoft\HeroV8\VCvtShell.dll]　[herosoft, 1, 0, 0, 1] 　 　 [C:\WINNT\system32\COMCTL32.dll]　[Microsoft Corporation, 5.81] (www.dngz.net)版权所有 [PID: 648][C:\WINNT\system32\svchost.exe]　[Microsoft Corporation, 5.00.2134.1] 　 　 [C:\WINNT\system32\COMCTL32.dll]　[Microsoft Corporation, 5.81] [PID: 780][C:\WINNT\system32\regsvc.exe]　[Microsoft Corporation, 5.00.2195.6701] [PID: 768][C:\WINNT\system32\MSTask.exe]　[Microsoft Corporation, 4.71.2195.6920] 　 　 [C:\WINNT\system32\COMCTL32.dll]　[Microsoft Corporation, 5.81] [PID: 884][C:\WINNT\system32\stisvc.exe]　[Microsoft Corporation, 5.00.2195.6656] 　 　 [C:\WINNT\system32\COMCTL32.dll]　[Microsoft Corporation, 5.81] [PID: 936][C:\Herosoft\HeroV8\SYSEXPLR.EXE]　[N/A, N/A] 　 　 [C:\WINNT\system32\COMCTL32.DLL]　[Microsoft Corporation, 5.81] 　 　 [C:\Herosoft\HeroV8\AVCDROM.dll]　[N/A, N/A] 　 　 [C:\Herosoft\HeroV8\CoolMenu.dll]　[N/A, N/A] 　 　 [C:\WINNT\DOWNLO~1\BDPlugin.dll]　[, 1, 0, 1, 1] 　 　 [C:\Herosoft\HeroV8\Sys936.DLL]　[N/A, N/A] 　 　 [C:\Herosoft\HeroV8\VCvtShell.dll]　[herosoft, 1, 0, 0, 1] [PID: 952][C:\WINNT\System32\WBEM\WinMgmt.exe]　[Microsoft Corporation, 1.50.1085.0100] [PID: 980][C:\WINNT\system32\svchost.exe]　[Microsoft Corporation, 5.00.2134.1] 　 　 [C:\WINNT\system32\ADVPACK.dll]　[Microsoft Corporation, 6.00.2600.0000] 　 　 [C:\WINNT\system32\COMCTL32.DLL]　[Microsoft Corporation, 5.81] [PID: 1008][C:\WINNT\system32\internat.exe]　[Microsoft Corporation, 5.00.2920.0000] 　 　 [C:\WINNT\system32\COMCTL32.DLL]　[Microsoft Corporation, 5.81] 　 　 [C:\WINNT\DOWNLO~1\BDPlugin.dll]　[, 1, 0, 1, 1] 　 　 [C:\Herosoft\HeroV8\VCvtShell.dll]　[herosoft, 1, 0, 0, 1] [PID: 1012][C:\Program Files\ChinaNet\VnetClient.exe]　[, 2005, 3, 7, 1] 　 　 [C:\Program Files\ChinaNet\Communicate.dll]　[0, 2005, 3, 3, 1] 　 　 [C:\Program Files\ChinaNet\DialModule.dll]　[, 2005, 3, 22, 1] 　 　 [C:\WINNT\system32\COMCTL32.DLL]　[Microsoft Corporation, 5.81] www.dngz.net 　 　 [C:\Herosoft\HeroV8\VCvtShell.dll]　[herosoft, 1, 0, 0, 1] 　 　 [C:\WINNT\DOWNLO~1\BDPlugin.dll]　[, 1, 0, 1, 1] 　 　 [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]　[, 2004, 2, 28, 1] 　 　 [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]　[, 2005, 3, 7, 1] 　 　 [C:\PROGRA~1\ChinaNet\sign.dll]　[0, 2004, 12, 1, 1] 　 　 [C:\PROGRA~1\ChinaNet\PostPlug.dll]　[, 2004, 12, 16, 2] 　 　 [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]　[, 2004, 12, 30, 0] 　 　 [C:\WINNT\system32\mlang.dll]　[Microsoft Corporation, 6.00.2600.0000] 　 　 [C:\PROGRA~1\ChinaNet\VnetBs.ocx]　[, 2004, 11, 18, 1] 　 　 [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]　[, 2005, 3, 3, 1] 　 　 [C:\PROGRA~1\ChinaNet\AccountMgr.dll]　[, 2005, 3, 7, 2] 　 　 [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]　[, 2005, 2, 24, 1] 　 　 [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]　[, 2004, 11, 25, 0] 　 　 [C:\PROGRA~1\ChinaNet\PassCtrl.dll]　[, 1, 0, 0, 1] 　 　 [C:\PROGRA~1\ChinaNet\PlugPush.dll]　[, 2004, 12, 21, 1] 　 　 [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]　[, 2004, 11, 23, 1] 　 　 [C:\PROGRA~1\ChinaNet\VNetLog.ocx]　[, 2005, 10, 9, 1] 　 　 [C:\PROGRA~1\ChinaNet\StatNum.dll]　[, 2004, 11, 18, 1] 　 　 [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]　[, 2005, 3, 2, 1] 　 　 [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]　[, 2005, 3, 9, 1] 　 　 [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]　[, 2004, 11, 23, 1] 　 　 [C:\PROGRA~1\ChinaNet\DialogStyle.dll]　[, 1, 0, 0, 1] 　 　 [C:\PROGRA~1\ChinaNet\Timer.ocx]　[, 2004, 11, 25, 1] 　 　 [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]　[GDDC, 1, 0, 0, 1] 　 　 [C:\PROGRA~1\ChinaNet\VNETUP~1.OCX]　[, 1, 0, 0, 1] 　 　 [C:\WINNT\system32\Macromed\Flash\Flash8b.ocx]　[Macromedia, Inc., 8,0,24,0] 　 　 [C:\Program Files\rising\Rav\RavScrCh.dll]　[Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] 　 　 [C:\WINNT\system32\mshtmled.dll]　[Microsoft Corporation, 6.00.2600.0000] (www.dngz.net)版权所有 　 　 [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]　[, 1, 0, 0, 1] 　 　 [C:\WINNT\system32\imgutil.dll]　[Microsoft Corporation, 6.00.2600.0000] [PID: 644][C:\Program Files\Internet Explorer\IEXPLORE.EXE]　[Microsoft Corporation, 6.00.2600.0000] 　 　 [C:\WINNT\system32\comctl32.dll]　[Microsoft Corporation, 5.81] 　 　 [C:\Herosoft\HeroV8\VCvtShell.dll]　[herosoft, 1, 0, 0, 1] 　 　 [C:\WINNT\DOWNLO~1\BDPlugin.dll]　[, 1, 0, 1, 1] 　 　 [C:\WINNT\system32\BROWSEUI.dll]　[Microsoft Corporation, 6.00.2600.0000] 　 　 [C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll]　[金山软件股份有限公司, 4, 0, 0, 0] 　 　 [c:\PROGRA~1\chinanet\VNETTR~1.DLL]　[, 2005, 4, 6, 1] 　 　 [c:\PROGRA~1\chinanet\Communicate.dll]　[0, 2005, 3, 3, 1] 　 　 [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]　[, 2004, 2, 28, 1] 　 　 [C:\Program Files\Tencent\QQ\QQIEHelper.dll]　[深圳市腾讯计算机系统有限公司, 1, 1, 0, 5] 　 　 [C:\WINNT\system32\mlang.dll]　[Microsoft Corporation, 6.00.2600.0000] 　 　 [C:\Program Files\rising\Rav\RavScrCh.dll]　[Beijing Rising Technology Co., Ltd., 18, 0, 0, 4] 　 　 [C:\WINNT\system32\mshtmled.dll]　[Microsoft Corporation, 6.00.2600.0000] 　 　 [C:\WINNT\system32\imgutil.dll]　[Microsoft Corporation, 6.00.2600.0000] 　 　 [C:\WINNT\system32\UNISPIM.IME]　[北京清华紫光软件股份有限公司, 3.0.0.3045] 　 　 [C:\WINNT\system32\upengine.dll]　[北京清华紫光软件股份有限公司, 3.0.0.3045] 　 　 [C:\WINNT\system32\actxprxy.dll]　[Microsoft Corporation, 6.00.2600.0000] [PID: 1556][C:\Program Files\WinRAR\WinRAR.exe]　[N/A, N/A] 　 　 [C:\WINNT\system32\COMCTL32.DLL]　[Microsoft Corporation, 5.81] 　 　 [C:\Herosoft\HeroV8\VCvtShell.dll]　[herosoft, 1, 0, 0, 1] 　 　 [C:\WINNT\DOWNLO~1\BDPlugin.dll]　[, 1, 0, 1, 1] [PID: 1632][C:\DOCUME~1\zzy\LOCALS~1\Temp\Rar$EX00.205\SREng\SREng.exe]　[Smallfrogs Studio, 2.2.6.605] . 　 　 [C:\WINNT\system32\COMCTL32.DLL]　[Microsoft Corporation, 5.81] 　 　 [C:\Herosoft\HeroV8\VCvtShell.dll]　[herosoft, 1, 0, 0, 1] 　 　 [C:\WINNT\DOWNLO~1\BDPlugin.dll]　[, 1, 0, 1, 1] 　 　 [C:\WINNT\system32\mlang.dll]　[Microsoft Corporation, 6.00.2600.0000] ================================== 文件关联 .TXT　OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE　OK. [＂%1＂ %*] .COM　OK. [＂%1＂ %*] .PIF　OK. [＂%1＂ %*] .REG　OK. [regedit.exe ＂%1＂] .BAT　OK. [＂%1＂ %*] .SCR　OK. [＂%1＂ /S] .CHM　OK. [＂C:\WINNT\hh.exe＂ %1] .HLP　OK. [%SystemRoot%\system32\winhlp32.exe %1] .INI　OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF　OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS　OK. [%SystemRoot%\System32\WScript.exe ＂%1＂ %*] .JS　OK. [%SystemRoot%\System32\WScript.exe ＂%1＂ %*] .LNK　OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1　 　 　 localhost

Tykeeper.sys是个脚本病毒，在安全模式下，将注册表和c:\windows\system2\drivers\tykeeper.sys都删除，有助于你大大提高上网速度。。:lol

俺补充一下： 服务 [IPSEC Client / 8NASCAR] 　＜C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087＞＜N/A＞ 木马 [Windows Gateway / Live] 　＜C:\WINNT\System32\svchost.exe -k netsvcs--＞C:\WINNT\system32\spted.dll＞＜N/A＞ 木马 [Windows XP / Windows XP] 　＜C:\WINNT\Hacker.com.cn.ini＞＜N/A＞ 灰鸽子，

灰鸽子？ 名字怪好听的,只可惜是个病毒的名字,呵呵:lol